Releases

2.8.27 1/6/2021

Changes

  • bump verions of several dependencies #2888
  • propagate hmail notes to split copies #2887
  • log.ini: add json to list of formats in config doc #2881
  • exclude port 587 from TLS NO-GO feature #2875
  • strip haraka-plugin- prefixes off plugin names in config/plugins #2873
  • pass smtp.ini config from Server into connections & transactions #2872

New features

  • add ability to disable SMTPUTF8 advertisement #2866

Fixes

  • assure headers.max_lines is initialized as integer #2878
  • require haraka-net-utils >= 1.2.2 #2876

release 2.8.26 12/2/2020

Changes

  • add config options for OAR & AR headers #2855
  • plugins.js: also strip haraka-plugin prefix from plugin.name #2846
  • smtp_forward/spamssassin: grab refs of conn/txn to avoid crashes due to lack of existence. #2847
  • outbound: add extended reason to bounce message #2843
  • hgrep: replaced perl script with shell script #2842
  • connection: send temp error when requested #2841
  • headers: updated deprecated messages #2845
  • hmail: socket.on -> socket.once #2838
  • hmail: check for zero length queue file #2835
  • outbound: add os.hostname() as default for outbound HELO #2813
  • use node v10's mkdir instead of mkdirp #2797
  • CI: drop appveyor and Travis #2784
  • lint: add 'prefer-template'
  • update async to version 3.2.0 #2764
  • update redis to version 3.0.0 #2759
  • remove deprecated max_unrecognized_commands from config #2755
  • CI: add ES2017 support, drop node 8 #2740
  • fix broken bannering on nested mime parts #2736
  • restore TLS version info, set correctly #2723
  • better error message when invalid HELO hostname is rejected
  • bring STARTTLS "TLS NO-GO" feature in line with Outbound's #2792
  • add listener for secureConnect #2828
  • removed plugins/data.headers to haraka-plugin-headers #2826
  • add zero-length queue size check
  • send temp instead of hard error when asked to by unrecognized_command

New features

  • Allow web interface to be bound to unix socket #2768
  • tls: add configurable minVersion to tls socket options #2738
  • connection_close_message: added ability to override close connection message replacing closing connection. Have a jolly good day. #2730
  • add JSON format for logging #2739
  • support binding web interface to unix socket

Fixes

  • check for punycode domain names when resolving MX, avoid crash #2861
  • wait until entire message is spooled when spool_after in use #2840
  • hmail: add missing space in temp_fail emitter #2837
  • fix outbound config reloading after outbound split #2802
  • smtp_forward: remove redundant outbound hook #2796
  • smtp_forward: this plugin does not use the queue_outbound hook anymore #2795
  • Fix connection pool not being unique when hosts and ports were equal between domains #2789
  • fix connection pool not being unique when hosts and ports were equal between domains #2788
  • Fix outbound.bounce_message To: header (and add Auto-Submitted) #2782
  • Fix support for DKIM signing when forwarding and aliasing is enabled #2776
  • Better error message when EHLO hostname does not have a dot #2775
  • fix bannering on nested mime parts #2737
  • TLS: don't abort loading certs in config/tls dir when an error is encountered. Process every cert file and then emit errors. #2729
  • restore TLS version, correctly #2723

v2.8.25 10/11/2019

Changes

  • conn: remove TLS version from header #2648
  • Actually enforce using key for INTERNALCMD #2643
  • trans: assign conditions to named vars #2638
  • drop node.js v6 support #2632
  • conn: use is_local instead of localhost addr tests #2627
  • spamassassin: spamassassin: strip useless WS from tests #2624
  • es6: many updates #2615, #2674, #2680
  • systemctl: update service definition #2612
  • lint: bracket style to match newer eslint:recommended #2680
  • lint: use object shorthands (eslint:recommended) #2680
  • logger: use safer Object.prototype.hasOwnProperty #2680
  • outbound: permit # char in SMTP status code response #2689
  • dkim_sign: improve docs, add tests, es6 updates #2649
  • dkim_sign: restore default key signing feature #2649
  • tmp module: update to latest #2614
  • semver: update to latest #2616, #2651
  • async: update to latest #2653, #2664
  • repo cleanup: replaced deprecated plugins with list #2681
  • spf: es6 patterns, results.pass, test improvements, es6 patterns #2700

New features

  • spf: add config option to fail on NONE #2644

Fixes

  • mailheader: fully quality header name in _remove_more #2647
  • haraka: Connection.createConnection is not a constructor #2618
  • problems with japanese characters in body and part header #2675
  • toobusy: fix hook name (connect_pre -> connect) #2672
  • outbound: watch for socket timeouts #2687
  • outbound: permit # char prefix in SMTP status code response #2691
  • mailheader: strip whitespace between encoded-words #2702

v2.8.24 3/30/2019

Changes

  • early_talker: skip if sender has good karma #2551
  • dockerfile: update to node 10 #2552
  • Update deprecated usages of Buffer #2553
  • early_talker: extend reasons to skip checking #2564
  • tls: add 'ca' option (for CA root file) #2571
  • outbound: little cleanups #2572
  • smtp_client: pass pool_timeout to new SMTPClient #2574
  • server: default to nodes=1 (was undefined) #2573
  • test/server: use IPv4 127.0.0.1 instead of localhost #2584
  • queue/smtp_*: add v3 upgrade notice and config setting #2585
  • spf: use the skip config for helo/ehlo checks #2587
  • spf: avoid 2nd EHLO evaluation if EHLO host is identical #2592
  • queue.js refactoring #2593
  • Log dkim_sign parse errors with connection ID #2596
  • Update ipaddr.js to the latest version #2599
  • make inactivity timeout match docs #2607

New Features

  • Implement SIGTERM graceful shutdown if pid is 1 #2547
  • tls: require validated certs on some ports with requireAuthorized #2554
  • spamassassin: disable checks when requested #2564
  • clamd: permit skipping for relay clients #2564
  • outbound: exported outbound.temp_fail_queue, outbound.delivery_queue and add TimerQueue.discard()
  • status: new plugin #2577

Fixes

  • mf.resolvable: reduce timeout by one second (so < plugin.timeout) #2544
  • LMTP blocks under stress #2556
  • invalid DKIM when empty body #2410
  • prevent running callback multiple times on TLS unix socket #2509
  • add missing callback when listing queue and empty directory
  • correct MIME parsing when charset: utf8 and encoding: 8bit #2582
  • spamassassin: default check flags to true #2583
  • smtp_client: destroy when connection gets conn timeout error #2604
  • on error and timeout, remove listeners and destroy conn. #2606

release 2.8.22 11/18/2018

2.8.22 - Nov 17, 2018

New Features

  • enable tls/ssl for rabbitmq amqplib plugin #2518

Fixes

  • hmail: don't send RSET to LMTP #2530

Changes

  • clamd: add check.authenticated, check.private_ip, check.local_ip option
  • use get_decoded on headers that may be encoded #2537
  • connection: move max_mime_part config load to connection init #2528
  • outbound: init TLS when we send email, not when old queue file is loaded #2503

Changes

  • relay: update port 465 doc #2522
  • hmail: log the correct err message #2531
  • ob/tls: consistently use obtls (vs plugin) for "this" name #2524
  • outbound: add domain to loginfo message #2523
  • Add connection.remote.is_local #2532
  • update license #2525
  • perf: move max_mime_parts config load to connection init #2529
  • update semver to version 5.6.0 #2517
  • added hint to encrypted file authentication #2514
  • dkim_sign: improved log messages #2499
  • ehlo_hello_message: config/ehlo_hello_message can be used to overwrite the EHLO/HELO msg replacing , Haraka is at your service #2498
  • connection: add connection.remote.is_local flag for detecting loopback and link local IPs
  • add .name to outbound TLS for logs #2492

release 2.8.21 8/9/2018

New Features

  • outbound: skip STARTTLS after remote host fails TLS upgrade #2429
  • dns_list_base: introduce global plugin.lookback_is_rejected flag #2422

Fixes

  • replace all _ chars in hostnames with code points #2485
  • Don't die on invalid commands #2481
  • outbound: check list exists before attempting to use it #2478
    • refactor outbound/hmail.process_ehlo_data #2488
  • tls: skip when redis is undefined #2472
  • Don't run delivered hook on LMTP fail #2470
  • Add tls_socket.load_tls_ini() to tls.register() #2465

Changes

  • outbound/tls: make into a class #2474
  • plugins: clear timeout on cancel #2477
  • txn.parse_body consistently a boolean #2476
  • update ipaddr.js to version 1.8.0 #2468

release-2.8.20 8/9/2018

  • New Features
    • n/a
  • Fixes
    • data_headers: check defined-ness of hdr_address after try/catch #2458
    • tls: remove tls.ini loading from plugins/tls #2459
    • tls: remove invalid opt from load_tls_ini #2456
    • outbound: escape values in HTML bounce correctly #2446
    • dkim_sign: catch exceptions when address-rfc2822 fails to parse From #2457
  • Changes
    • logger: Add "obj" log param to log hook that contains log data by type #2425
    • logger: include outbound client ID in logging #2425
    • logger: allow specifying uuid in params when logging #2425

v2.8.19 6/26/2018

  • New features
    • outbound: received_header=disabled supresses outbound Received header addition. #2409
    • auth_base.js: check_plain_passwd and check_cram_md5_passwd can now pass message and code to callback routine
    • spf: allow bypass for relay and AUTH clients #2417
    • spf: optionally add OpenSPF help text to rejection #2417
    • auth_base: prevent storing of AUTH password in connection.notes.auth_passwd by setting plugin.blackout_password. #2421
  • Fixes
    • Mitigate MIME part explosion attack #2447
    • Always prefix ClamAV with a Received header #2407
    • plugins/data.headers.js: wrap address-rfc2822 header parse into try block #2373
    • tls_socket: as client, only apply TLS opts if config is valid #2414
    • when installing, creates config/me if missing #2413
    • queue/qmail-queue: fix a 2nd crash bug when client disconnects unexpectedly #2360
    • remove desconstruction of SMTP commands to prevent exception #2398
    • attstream: return self so that pipe() calls can be chained together. #2424
    • outbound: fix dotfile cleanup to consider platform-based prefix. #2395
    • outbound: fix handling of LMTP socket when a socket path is specified. #2376
  • Changes
    • relay: move relay acl check to connect_init so flag is set earlier #2442
    • process_title: add total recipients, avg rcpts/msg, recipients/sec cur/avg/max and messages/conn #2389
    • when relaying is set in a transaction, don't persist beyond the transaction #2393
    • connection.set supports dot delimited path syntax #2390
    • remove deprecated (since 2.8.16) ./dsn.js
    • Add transaction.msg_status property that reflects message status. #2427
    • Add transaction.notes.proxy object that hold HAProxy details. #2427
    • spamassassin: make relay header configurable. #2418
    • deprecate max_unrecognized_commands plugin in favor of limit. #2402
    • xclient: add support for DESTADDR/DESTPORT. #2396

v2.8.18 3/8/2018

  • New features
    • smtp_forward: domain configuration is now chosen based on domain_selector #2346
  • Fixes
    • queue/qmail-queue: fix crash bug when client disconnects unexpectedly #2360
    • tls: fix crash bug in unrecognized_command hook
    • dkim_key_gen.sh: improve usability and parameter parsing #2355
  • Changes
    • document force_shutdown_timeout and graceful_shutdown settings #2350

release 2.8.17 2/16/2018

  • New Features
    • SMTPS port is configurable #2269
    • smtp_forward: enable_outbound can be set per domain #2335
  • Fixes
    • Fix ability to set log level to emerg #2128
    • outbound/hmail: use Buffer to correctly read binary file data + tests #2231
    • quarantine: consolidate 2x hook_init_master functions
    • tls_socket: restore SNI functionality, emit count of TLS certs #2293
    • fix smtp_client error handling #2298
    • fix outbound pools #2317
    • add openssl-wrapper as dependency #2320
    • replace _ chars in hostnames with code points #2324
    • add this.removeAllListeners('connection-error') #2323
    • Fix crashing on RSET #2328
    • Prevent data headers crit fail #2329
    • Fix undefined max_lines in log message #2337
  • Changes
    • line_socket: remove superfluous function #2339
    • consistent end of function declaration semicolon #2336
    • connection: assure hostname is set #2338
    • smtp_client: Fix log message typo #2334
    • Update ipaddr.js to version 1.6.0 #2333
    • Warn on max_header_lines #2331
    • update jquery version #2322
    • plugins: add SRS plugin to registry #2318
    • tls_socket: only generate dhparam.pem on master process #2313
    • add ENOTFOUND to also check A record #2310
    • smtp_forward: correct config file name in docs #2309
    • reduce severity of iconv conversion failure #2307
    • Add txn UUID to "250 Message Queued" #2305
    • mailheader: reduce log level priority #2299
    • greylist: only log redis DB errors when exist #2295
    • data.headers: reduce undef MLM logerror to logdebug #2294
    • quarantine: consolidate 2x hook_init_master() #2292
    • move test_queue to queue/test #2291
    • in haraka plugin test mode, add server.notes #2248
    • outbound/hmail: refactor #2238
    • outbound/hmail: add JSON sanity test before JSON.parse #2231
    • outbound/index: use newer Buffer.from syntax #2231
    • outbound/hmail: make haraka queue files human friendly #2231
    • plugins/rcpt_to.ldap -> haraka-plugin-rcpt-ldap #2144
    • plugins/auth/auth_ldap -> haraka-plugin-auth-ldap #2144
    • plugins/smtp_forward: enable_outbound can be enabled/disabled for specific domains
    • auth_proxy: read TLS key and cert files from tls.ini #2212
    • README: typo fixes #2210
    • incorrect RCPT TO reply message #2227
    • Resolve decoding bug when root part is base64 encoded. #2204
    • Resolve base64 data truncation #2188
    • Fix damaged encoding when body is non-utf #2187
    • Fix disconnect hooks #2184
    • ability to set log level to emerg #2128
    • Improve docs for Address objects #2224
    • connection: replace 3x ternaries with get_remote() #2169
    • connection.local.host populated with hostname (from config/me) #2165
    • connection.local.info populated with Haraka/version #2196
    • npm packaged plugins:
      • plugins/rcpt_to.ldap -> haraka-plugin-rcpt-ldap #2144
      • plugins/auth/auth_ldap -> haraka-plugin-auth-ldap #2144
      • plugins/graph -> haraka-plugin-graph #2185
      • plugins/graph -> haraka-plugin-graph #2185
    • config: replace ./config.js with haraka-config #2119
    • Replace concatenated strings with template literals (#2129) in:
      • attachment #2260
      • bin/spf #2129
      • bin/dkimverify #2278
      • connection #2129, #2243
      • delay_deny #2264
      • dkim #2216
      • dsn #2265
      • host_pool #2198, #2245
      • logger #2277, #2246
      • mailbody #2280
      • max_unrecognised_commands #2171
      • outbound/hmail #2259
      • outbound/index #2249
      • outbound/todo #2233
      • plugins #2239
      • plugins/aliases #2229
      • plugins/attachment #2155
      • plugins/auth_base #2252
      • plugins/avg #2156
      • plugins/backscatterer #2261
      • plugins/bounce #2229
      • plugins/clamd #2237
      • plugins/connect.rdns_access #2262
      • plugins/data.headers #2263
      • plugins/data.uribl #2258
      • plugins/helo.checks #2255
      • plugins/rcpt_to.in_host_list #2253
      • plugins/spamassassin #2256
      • plugins/profile #2170
      • plugins/rcpt_to.host_list_base #2254
      • plugins/relay #2174
      • plugins/relay_acl #2177
      • plugins/spf #2266
      • plugins/toobusy #2186
      • plugins/xclient #2159
      • rfc1869 #2159
      • smtp_client #2129, #2208
      • tests/host_pool #2159
    • use es6 destructuring (#2075) in:
      • connection #2230
      • dkim #2232
    • use es6 classes (#2133) in:
      • attachment #2260
      • attachment_stream #2215
      • chunkemitter #2219
      • dkim #2206
      • dsn #2247
      • host_pool #2194
      • mailheader #2213
      • mailbody #2213
      • smtp_client #2221
      • spf #2214
      • tls_socket #2190
      • timer_queue #2226
      • outbound/hmail #2197
      • outbound/todo #2233
    • Automatically set connection.remote.is_private when connection.remote.ip is set #2192
    • Add remove_msgid and remove_date options to outbound.send_email #2209
    • Add origin option to outbound.send_mail #2314

release 2.8.16 10/2/2017

  • Changes
    • additional tests get var -> const/let medicine #2122
    • move connection states into haraka-constants #2121
    • lint: remove useless escapes #2117
    • lint: switch no-var to error #2109
    • rspamd: repackaged as NPM module #2106
    • dsn: repackaged as NPM module haraka-dsn #2105
    • outbound: add results when queueing #2103
    • spamassassin: skip adding headers when value is empty #2102
    • Replace console.log with stdout #2100
    • update js-yaml to version 3.10.0 #2097
    • repackage p0f plugin to NPM #2076
    • ES6: replace var with const or let #2073
  • Fixes
    • daemon cwd #2126
    • updated fcrdns plugin name passed to results #2115
    • tls: only apply default key/cert paths when undefined #2111
    • dkim_verify: fix formatting of auth results #2107
    • smtp_forward: consistently use queue.wants #2107
    • haraka was adding TLS header on non-TLS connection #2103
    • dkim typo fix #2101
    • fix rfc2231 parsing code to cope with continuation #2089

release 2.8.15 9/10/2017

2.8.15 - Sep 10, 2017

  • Changes
    • Remove unused folders from installation #2088
    • smtp_forward stores queue note at queue.wants #2083
    • add get/set to conn/txn.notes #2082
    • additional results storing in smtp_forward and quarantine #2067
    • Permit log settings to be set w/o LOG prefix #2057
    • support INFO and LOGINFO as config settings #2056
    • log.ini, new default location for log related settings #2054
    • dcc: replace with npm packaged version #2052
    • qmd: replace rcpt_to.qmail_deliverable with npm #2051
    • rspamd: pass SPF evaluation #2050
    • add logfmt support #2047
    • update ipaddr.js to version 1.5.0 #2037
    • update redis to version 2.8.0 #2033
    • disable graceful for SIGTERM #2028
    • add additional integration tests #2026
    • move most npm packaged plugins into optionalDependencies #2023
  • New Features
    • TLS certificate directory (config/tls) #2032
    • plugins can specify a queue plugin & next_hop route #2067
    • connection/transaction notes now have get/set #2082
  • Fixes
    • haraka cli will now create folders if they don't exist #2088
    • maybe fix for #1852 503 response #2064
    • crash when 'AUTH LOGIN' is sent after a successful auth #2039
    • docs: fixed swaks test command #2034
    • dkim: prevent dkim_verify from causing 'cannot pipe' #1693

release 2.8.14 7/28/2017

2.8.14 - Jul 26, 2017

  • Changes
    • Fix auth plugin failure when re-selecting auth method #2000
    • don't crash Haraka when invalid YAML config encountered #2013
    • update semver to version 5.4.0 #2015
    • relay docs: correct the config file name #2012
    • rename config/xclient.hosts to match plugin & docs #2014
    • build_todo() is part of the outbound/index.js api #2016
    • update js-yaml to version 3.9.0 #2002
    • outbound/hmail: use WRITE_EXCL from haraka-constants #2011
    • replace plugins/log.elasticsearch with npm packaged #2004
    • Remove two spurious log statements #1989
    • access: rebuild blacklist upon change (vs supplement) #1990
    • deliver to qmail-queue with LF line endings (not CRLF) #1997
    • doc: add note that smtp_forward only supports STARTTLS #1988
    • import Plugins.md from v3 #1991
    • update async to 2.5.0 #1982
    • update iconv to 2.3.0 #1981
    • require node.js v6+ #1958
    • update ipaddr.js to 1.4.0 #1972
    • support newer address-rfc2822 #1970
    • update node-address-rfc2821 version to 1.1.1 #1968
    • outbound: be consistent with todo.domain #1960
    • bump haraka-results required version #1949
    • logger: load in a setImmediate call #1948
    • logger: strip intermediate \n chars #1947
    • tls consistency cleanups #1851
    • Get pool config handling simplifcation #1868
      • add integration test: send message w/smtp_client
    • replace some legacy code with es6 #1862
    • update async to version 2.2.0 #1863
    • update ipaddr.js to version 1.3.0 #1857
    • update redis to version 2.7.0 #1854
    • assure conn/tran still exists before storing results #1849
    • moved tls.ini parsing to net_utils #1848
    • smtp forward dest split routing #1847
    • rspamd: refactor complex condition into function #1840
    • block js attachments #1837
    • helo.checks: bring plugin into alignment with docs #1833
    • when proxy enabled, update remote.is_private too #1811
    • create an outbound queue filename handler #1792
    • replace connect.fcrdns with npm package #1810
    • add an additional node_modules plugin search path #1805
    • Set graceful shutdown off by default #1927
    • Allow outbound pools to be disabled #1917
    • Outbound split and move into folder #1850
    • don't emit binary characters into the logs #1902
    • Add .editorconfig #1884
    • tls: remove interim variables #1871
  • New Features
    • Use punycode domain (support SMTPUTF8) #1944
    • Added RabbitMQ vhost support #1866
    • clamav: allow "Unknown Result" and Socket Error to try next host #1931
    • outbound client certificates #1908
    • Implement the missing upgrade method on SMTPClient #1901
    • Remove typo from relay.md #1886
  • Fixes
    • outbound: fix queue not loaded for single process #1941
    • outbound: Fix undefined variable platformDOT in hmail.js #1943
    • outbound: fix undefined FsyncWriteStream var #1953
    • Fix cluster messaging for node v6+ #1938
    • outbound: fix loading under cluster. #1934
    • Check pool exists before delete #1937
    • be more strict in attachment filename matching #1957
    • doc typo fix #1963
    • RabbitMQ: fix encoding of user and password string #1964
    • spf: improve modifier regexp #1859
    • rabbitmq doc typo in config file name #1865
    • URL to manual was 404, point to Plugins.md #1844
    • smtp_client: set idleTimeout to 1s < pool_timeout #1842
    • fix broken continuations #1843
    • doc error for the 'check.authenticated' setting in rspamd plugin #1834
    • emit the result, not all of them #1829
    • fix outbound logger #1827
    • fix forwarding with client auth over TLS (forward to gmail) #1803
    • Don't blow the stack on qstat #1930
    • run dumped logs through log plugins, not console #1929
    • Fix path parsing bug on Windows platform #1919
    • helo: make sure list_re is defined before access #1903
    • TLS: handle case where OCSP server is unavailable #1880
    • rspamd: add missing 'default' keyword #1856
    • disable na├»ve comment stripping #1876

release 2.8.13 2/3/2017

  • Changes
    • new haraka-plugin-limit #1785
      • replaces plugin/limit, plugin/rate_limit, and haraka-plugin-outbound-rate-limit
    • p0f: skip on private IPs (normally empty) #1758
    • spf: skip for outbound when context != myself #1763
    • redis: plugins using redis can inherit redis config #1777
    • redis: replace plugins/redis with haraka-plugin-redis #1786
    • lint: require space before function declaration #1784
    • lint: added eslint:recommended #1790
    • logger: remove logger.colorize code for legacy node versions
  • New Features
    • redis: add redis_subscribe_pattern() #1766
    • queue/discard: add ENV that permits discarding #1791
  • Improvements
    • rspamd: improve response parsing #1770
    • restore Windows testing to working state #1755
    • elasticsearch: use UTC dates for index creation #1771
    • tls: fix dhparam usage example syntax #1774
    • typo: logerr -> logerror #1776
    • when generating long DKIM keys, include a BIND compatible folded key #1775
    • in haraka-test-fixtures, access results via fixtures.results #1783
    • integration test: end to end server testing #1791
  • Bug Fixes
    • spf: restore functionality for relay context=myself #1759
    • rate_limit:if incr creates a new record, assure it has a TTL #1781
    • tls: do not create a top level secureContext #1787
    • dnswl: swap lines to fix missing inherited methods #1793
    • dnswl: fix config loader callback syntax #1794
    • tests/plugins: unset process.env.HARAKA to avoid side effects that interfere with other tests
    • remove auth_flat_file sample auth user #1796

release 2.8.12 1/3/2017

  • Changes
    • plugin/karma -> npm packaged haraka-plugin-karma #1747
    • update generic-pool 2.4.2 -> 2.5.0
  • New Features
    • Added option to bypass SpamAssassin headers' merge #1745
  • Improvements
    • reduce severity of debug message #1744
    • fix misleading entries in config/tls.ini #1734
    • Misc. performance improvements #1738
    • set tls.sessionIdContext property (for Thunderbird compat) #1740
  • Bug Fixes
    • Swap lines to avoid clobbering response array #1743

release 2.8.11 11/24/2016

  • Changes
    • rename core_require to haraka_require #1708
    • move log.syslog to haraka-plugin-syslog #1698
    • remove tls.ini loading and is_no_tls_host to net_utils #1690
    • replace ./utils with npm packaged haraka-utils #1720
    • require node 4
    • karma: add .top TLD scoring #1714
  • New Features
    • Implement OCSP Stapling #1724
  • Improvements
    • show help for npm packaged plugins included in core #1698
    • use tls.connect for client #1682
    • bring port 465 SMTPS TLS config support on par with STARTTLS #1667
    • use tls.connect instead of createSecurePair #1678
    • redis: improve error handling in tests #
    • replace / path seperators with path.* for cross platform compat #1713
  • Bug Fixes
    • dkim_sign: per-domain key finding fixed #1707
    • Rspamd: restore spam report header #1702
    • auth/vpopmail: do not toString() when null #1695
    • fix outbound to avoid recursive reading key/cert after refactoring #1692
    • tls: fix option servername (not hostname) #1728
    • correct Auth-Results cleaning #1726
    • fix results for connection.remote_host and NXDOMAIN #1716

v2.8.10 10/20/2016

  • Changes
    • use standard npm syntax for lint and tests #1646
    • remove ./net_utils to haraka-net-utils #1644
    • remove incorrect and unused spf.hello_host #1635
    • remove rogue DENYSOFT copy-pasta error #1634
    • update async to v2 #1545
    • remove plugin/dir support from base haraka #1668
      • use node_modules_dir support instead
    • use TLSSocket instead of createSecurePair #1672
    • refactor plugins/tls #1670
    • moved watch plugin to npm as haraka-plugin-watch #1657
    • normalize proxy properties #1650
  • New Features
    • added connection.remote.is_private boolean #1648
    • added additional TLS options (@typingArtist) #1651
    • added wildcard boolean support to config loader #1680
    • tls: allow multiple key and cert parameters for RSA+ECDSA #1663
    • permit specifying haraka plugins w/o haraka-plugin- prefix #1645
      • in config/plugins and resultstore
  • Improvements
    • connection.geoip replaced by haraka-plugin-geoip #1645
    • connection.asn replaced by haraka-plugin-asn #1645
    • permit specifying npm packaged plugins w/o haraka-plugin prefix #1647
    • normalized connection properties #1547, #1577
    • Rspamd: fix spambar for negative scores #1630
    • set connection.remote.is_private early
      • replace calls to net_utils with remote.is_private test
  • Bug Fixes
    • Tidy-up graceful shutdown and fix for non-cluster mode #1639
    • Fix data.headers plugin crash #1641
    • Fix access plugin crash #1640
    • Minor DKIM fix #1642
    • do not set TLS timer if timeout=0 #1632
    • do not overwrite config/host_list on install #1637
    • correct smtp_forward cfg for multiple rcpts #1680
    • fix TLS timeout errors #1665

Oct 02, 2016 10/3/2016

2.8.9 - Oct 02, 2016

Note this release contains a major security fix for those using the attachments plugin. Previous versions of this plugin allowed remote code execution using specially crafted zip files. Users are urged to upgrade as soon as possible.

  • Changes
  • New Features
    • Support outbound.pool_timeout of 0 to effectively disable pooling. #1561
    • Added never_add_headers option to rspamd plugin. #1562
    • rcpt_to.routes URI format w/ LMTP support #1568
  • Improvements
    • The delay_deny plugin now has a whitelist mode (vs blacklist). #1564
    • Don't show the private key in logs for dkim_sign. #1565
    • update geoip for compat with newer ES (#1622)
    • drop node 0.10 testing / official support (#1621)
    • watch plugin displays UUIDs as URL (#1624)
    • Catch errors on header decode in rfc2231 #1599
    • Attachment plugin updates (#1606)
    • add outbound.ini pool_timeout example setting #1584
  • Bug Fixes
    • Fixed some small documentation issues. #1573, #1616, #1612
    • Fixed AUTH PLAIN when it spreads over two lines. #1550
    • Fixed dkim_verify calling next() too soon. #1566
    • Fixed bugs with outbound pools who shutdown before we QUIT. #1561, #1572
    • outbound issues #1615, #1603
    • Fixed adding/removing headers in rspamd plugin. #1562
    • Fixed process_title not shutting down. #1560
    • fix a spurious error emitted by p0f (#1623)
    • fix header version hiding (#1617)
    • messagestream returns destination (#1610)
    • plugins.getdenyfn now passed 3rd params arg (#1591)
    • Fix scope of spf logdebug (#1598)
    • fix rabbitmq deliveryMode bug (#1594)
    • fix dkim_sign TypeError with null mail_from.host (#1592)
    • fix dkim_sign attempting to lower an undefined (#1587)

July 20, 2016 7/20/2016

  • Changes
    • removed UPGRADE.doc to wiki
  • Improvements
    • support + wildcard in aliases plugin #1531
    • Support dkim_sign with outbound.send_email() #1512
    • spf: always check remote IP, then public IP if != pass #1528
    • spf: diplay IP used for SPF eval #1528
  • Bug Fixes
    • handle missing wss section in http.ini #1542
    • fix leak on socket write error #1541
    • add results property to outbound transaction #1535
    • don't unref unref'd wss server #1521

v2.8.7 6/18/2016

2.8.7 - Jun 18, 2016

  • Changes
    • Fix geoip test
  • Improvements
    • Allow alias plugin to explode to a list of aliases
    • Support IPv6 literals in HELO tests (#1507 thanks @gramakri)
    • Make ldap plugin use the modified address if a rcpt hook changes it (#1501 thanks @darkpixel)
  • Bug Fixes
    • Fix loading plugins as npm modules (#1513)
    • More DKIM fixes (#1506 thanks @zllovesuki)
    • Fix the long failing host-pool-timer test (#1508)
    • Fix clean shutdown of redis with new shutdown code (#1504 and #1502 thanks @darkpixel)
    • More fixes to clean shutdown (#1503)

v2.8.6 6/7/2016

  • Bug Fixes
    • Fix loading under Node v4 which sends a blank message
    • Fix quit (SIGINT) when running without nodes=

2.8.5 6/4/2016

  • Changes
    • The connection object is now passed to get_plain_passwd. Older modules should continue to work as-is.
    • The reseed_rng plugin now just uses the Crypto module from core. Though it seems this plugin should be irrelevant with newer versions of node.js
  • New Features
    • Outbound mail now uses pooled connections, only sending a QUIT message if the connection has been idle for a while.
  • Improvements
    • Shut down and reload (via haraka -c <path> --graceful) is now graceful - allowing current connections to finish and plugins to clean up before ending.
  • Bug Fixes
    • Bind maxmind version to ignore API change (#1492)
    • Fix encodings when banners are used (#1477)
    • Various DKIM fixes (#1495)

v2.8.4 5/24/2016

  • Bug Fixes
    • Fix plugin loading override when installed (#1471)

v2.8.3 5/23/2016

  • Bug Fixes
    • Fix config overriding for core modules (#1468)

v2.8.0 5/9/2016

  • Changes
    • updated dependency versions (#1426, #1425)
    • use utf8 encoding for body filters (#1429)
    • remove spameatingmonkey from tests (#1421)
    • replace ./constants.js with haraka-constants (#1353)
    • Document HMail and TODO items (#1343)
    • Copy only a minimal config/* by default (#1341).
    • cfreader/* removed to haraka/haraka-config (#1350)
    • outbound and smtp_client honor tls.ini settings (#1350)
    • outbound TLS defaults to enabled
    • lint: remove all unused variables (#1358)
    • replace ./address.js with address-rfc2181 (#1359)
  • New Features
    • smtp_forward: accepts a list of backend hosts, thanks @kgeoss (#1333)
    • config: add array[] syntax to INI files (#1345)
    • plugins.js: support require('./config') in plugins
    • Load plugin config from own folder and merge (#1335)
    • Allow original email's Subject to be included in bounce message (#1337)
    • new queue/smtp_bridge plugin, thanks @jesucarr (#1351)
  • Improvements
    • early_talker: supports IP whitelisting (#1423)
    • loading plugins as packages (#1278)
    • removed TLD stuff to haraka/haraka-tld (#1301)
    • removed unused 'require('redis') in plugins/karma (#1348)
    • improved MIME header support per rfc2231 (#1344)
    • tls options can be defined for outbound and smtp_* (#1357)
    • explicitly disable SSLv2 (#1395)
    • cache STUN results
    • xclient plugin improvements (#1405)
    • tls: Set verify=NO correctly when no certificate presented (#1400)
    • improved message header decoding (#1403, #1406)
    • bounce: skip single_recipient check for relays/private_ips (#1385)
    • rspamd docs: Clarify usage of check.private_ip (#1383)
    • if rcpt_to returns DSN in msg, log it properly (#1375)
  • Bug Fixes
    • fix out-of-range errors from banner insertion (#1334)
    • dkim_verify: Call next only after message_stream ended (#1330)
    • outbound: remove type check from pid match (#1322)
    • lint: enable no-shadown and remove all shadow variables (#1349)
    • spf: fix log_debug syntax (#1416)
    • auto_proxy: fix a starttls loop (#1392)
    • fcrdns: corrected err variable name (#1391)
    • rspamd: Fix undefined variable (#1396)
    • dkim_verify: Fix header handling (#1371)
    • smtp_client: fix remote_ip (#1362)

2.7.3 2/5/2016

  • Changes
    • smtp_proxy & qmail-queue: default to enabled for outbound deliveries (previously used Outbound), to better matches user expectations.
  • New Features
    • outbound: allow passing notes to send_email (#1295)
  • Improvements
    • logging: emit log message queue before shutting down (#1296)
    • result_store: permit redis pub/sub to work when host != localhost (#1277)
    • tests: quiet the extremely verbose messages (#1282)
    • rspamd: add timeout error handling (#1276)
    • watch: fix display of early_talker results (#1281)
    • spamassassin: publish results to result_store (#1280)
    • karma: can now connect to redis on hosts other than localhost (#1275)
    • geoip & p0f: don't log empty/null values from RFC 1918 connects (#1267)
    • redis: make plugin params match docs (#1273)
    • mailbody: small refactoring (#1315)
    • smtp_proxy & qmail-queue: default to enabled for outbound (#1308)
  • Bug Fixes
    • redis: use correct path for db.select (#1273)
    • count errors correctly (#1274)
    • logger: ignore null arguments (#1299)
    • connection: pause for hook_reset_transaction (#1303)
    • rcpt_to.routes: update redis usage for compat with redis plugin (#1302)
    • smtp_forward: use correct config path to auth settings (#1327)
    • messagestream: correctly pass options parameter to get_data (#1316)
    • spf: honour configuration for mfrom scope (#1322)
    • outbound: Add missing dash to 'Final-Recipient' header name (#1320)

Version 2.7.0 10/7/2015